The proliferation of information technology and e-commerce has dramatically changed the processing, management and execution of activities in sectors including automotive, pharmaceutical, communication, retail and finance. Executing commercial transactions electronically with leading technologies such as Electronic Data Interchange (EDI) and Electronic Fund Transfer (EFT) has opened new opportunities for users to exchange business information and perform business transactions through electronic means. Multiple communication channels are used to exchange business information, such as the internet, IVR systems, ATMs and POS systems. The internet has become one of the vital communication channels facilitating such automation in these diverse sectors. One of the sectors that has predominantly used the internet as a primary channel for most transaction processing is the financial/banking sector. The internet enables banking consumers to access their accounts even from remote electronic devices via banking servers in order to perform monetary transactions, generally known as online or net-banking transactions. To secure transactions performed online, several security authentication standards are implemented on the banking systems so that intruder attacks on consumer accounts can be avoided. However, the existing systems for uniquely identifying the authorized consumer on the banking servers are cumbersome because the identifiers identifying the consumers are not personalized.
Most banking systems follow an online or offline account opening procedure that captures customer identifying information, including personal profile details such as name, date of birth, residential address, identification number, photograph and signature. Banks need not establish the accuracy of every element of the identifying information acquired from the customer; however, they must compulsorily verify enough information to form a reasonable belief that the true identity of the customer has been captured and validated. Banks also verify all the applicable and acceptable documentary proofs provided by the customer while opening the account. Once the customer is verified, the bank issues a unique bank account number, 14-16 digits long, to the customer. This bank account number is a 14-16 digit alphanumeric string generated by an internal banking process that each bank may implement differently. These bank account numbers are generated randomly with a sequential logic, normally incremented with the addition of each new consumer to the bank. For example, if the latest addition to the bank's consumer data is assigned the bank account number AAA123456, the internally programmed logic implements a random algorithm that will assign the account number AAA123457 to the next consumer subscribing with the bank. However, this implementation logic may vary from bank to bank, and hence an individual consumer with three different bank accounts may have three distinct bank account identifiers of varying length (in practice 14-16 digits long).
Traditionally, identification and authentication are carried out using two separate data elements: one element is used for identification (username, account ID, email address etc.), and the second element (password, PIN, biometric sample etc.), which is secret or personalized, is used for authentication. The user provides these data elements as two separate entities.
Many banking systems let customers create online account names (login IDs) or account aliases, but these have limitations: the customer has to choose a name that complies with the specified rules, and the name must be unique across the whole system. Likewise, other channels of remote banking such as mobile banking also demand the account number and other details, such as the credit/debit card number, on IVR and other interactive channels, and these are generally hard to memorize. At the same time, each user needs to remember multiple account details (identifier, PIN, password etc.) for different online accounts accessed via different channels including mobile, IVR, ATMs and POS.
Biometric authentication has been implemented for user authentication, granting access to users after successful validation. In these systems, a biometric sample such as voice, fingerprint or eye retina is generally captured from each user and stored as a golden copy in a database. This golden copy of the biometric sample is associated with the user's account number and mapped at the time of authentication.
The algorithms used in existing biometric authentication techniques rely on generating a confidence score that signifies the probability of a match. In the traditional biometric authentication technique, the user asking for validation on the biometric machine is considered a genuine and authorized user when the matching score for that user is above a pre-defined threshold score. Thus, there is a high probability of two or more consumers obtaining a high enough confidence score.
This kind of one-step biometric authentication is implemented on comparatively small systems such as door locks and desktop logins, wherein only a biometric sample is captured and directly compared with the previously stored templates for user authentication. Such template matching is time consuming, generally taking 100-1000 times longer than text matching, and the probability of false matching is very low in the case of a small database (a small set of consumers). Applied to a larger database, this type of biometric authentication therefore increases the false match probability as well as the turnaround time needed to complete the scan of the entire database.
Current biometric authentication systems utilize a single generic algorithm and model for every individual. For example, if a legitimate user is negatively identified by the system, the system has no provision to receive this feedback and improve itself so as to identify this user correctly in future attempts. At present, the false acceptance rate (FAR) for voice and handwriting biometrics is 0.02%, while for hand and finger biometrics it is 0.002%, as proven by the industry.
This one-step biometric authentication technique, if implemented for identification and authentication of bank consumers having personalized non-unique account identifiers, may often result in multiple matches (an ambiguous result) and may also take a very long time.
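The scaling argument above, worked through with the FAR figures quoted in the text, as an added example that is not part of the original document. It assumes every template comparison is an independent trial at the stated FAR, and the database sizes (20 users for a door lock, 1,000,000 bank consumers) are constructed for illustration.

```python
import math

# Per-comparison false acceptance rates quoted in the text.
FAR_VOICE_HANDWRITING = 0.02 / 100
FAR_HAND_FINGER = 0.002 / 100


def expected_false_matches(far, enrolled):
    """Expected number of other users' templates that score above the threshold
    when one sample is compared against every enrolled template."""
    return far * (enrolled - 1)


def p_ambiguous(far, enrolled):
    """Probability that at least one other user's template also passes.

    Assumption (not from the text): comparisons are independent trials, so
    P = 1 - (1 - far)^(enrolled - 1). log1p/expm1 keep precision for tiny far.
    """
    return -math.expm1((enrolled - 1) * math.log1p(-far))


def compare(far, small_db, large_db):
    """One-step scan of a small system versus a bank-scale database."""
    return {
        "small_expected": expected_false_matches(far, small_db),
        "small_p_ambiguous": p_ambiguous(far, small_db),
        "large_expected": expected_false_matches(far, large_db),
        "large_p_ambiguous": p_ambiguous(far, large_db),
    }


if __name__ == "__main__":
    # Constructed sizes: 20 enrolled users vs. 1,000,000 enrolled consumers.
    for name, far in [("voice/handwriting", FAR_VOICE_HANDWRITING),
                      ("hand/finger", FAR_HAND_FINGER)]:
        r = compare(far, 20, 1_000_000)
        print(f"{name}: small db P(ambiguous)={r['small_p_ambiguous']:.5f}; "
              f"large db ~{r['large_expected']:.1f} false matches, "
              f"P(ambiguous)={r['large_p_ambiguous']:.6f}")
```

At the quoted voice/handwriting FAR, a full scan of one million templates is expected to return about 200 false matches alongside the genuine one, while the 20-user system sees an ambiguous result in well under 1% of attempts.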